<?php

    $servername = "localhost";
    $username = "root";
    $password = "root123";
    $dbname = "oopdb";

    $conn = new mysqli($servername, $username, $password, $dbname);
    if ($conn->connect_error) {
        die("连接失败：".$conn->connect_error);
    }
    echo "连接成功！",PHP_EOL;


    $name = $_POST["name"];
    $kind = $_POST['kind'];

////    不进行预处理
//    $sql = "select * from fish where name = '$name'  and kind = '$kind'";
//    $result = $conn->query($sql);
//
//    $row = $result->fetch_all(MYSQLI_ASSOC);
//
//    echo $sql,PHP_EOL;
//    echo "<pre>";
//    var_dump($row);
//
//    $conn->close();




//    对查询进行预处理
    $sql = "select * from fish where name = ? and kind = ?";
    $stmt = $conn->prepare($sql);

    $stmt->bind_param("ss",$name,$kind);
    $stmt->execute();

    $result = $stmt->get_result();
    $row = $result->fetch_all(MYSQLI_ASSOC);
//    echo "<pre>";
//    var_dump($stmt);
    echo "<pre>";
    var_dump($row);


//输出的另外一种写法
//    $result = $stmt->get_result();
//    print_r('<pre>');
//    print_r($result->fetch_all());



    $stmt->close();

?>